Archive for October, 2009

The spread of malware production

Thursday, October 29th, 2009

Traditionally, malware has tended to originate mainly from countries like Brazil and America, with other nations such as Korea and India joining them in the top 10 malware charts in recent years. However, October’s threat stats reveal that the level of malware originating from the top 10 is decreasing.

Unfortunately, rather than an overall decrease in spam and virus levels, this only means that the sources of malware are starting to spread to other nations. As mentioned earlier this month, international co-operation is incredibly important in the fight against malware producers, especially if, as October’s figures suggest, producers are spreading their net of operations to nations which have little experience of this crime.

So, what does this mean for us as internet users? Well, we all need to ensure that we are doing our part to prevent this crime from being a profitable one. That means protecting our computers from intrusions and doing everything in our power to protect our personal data when online. Not only should we all be wary about what links we click on in emails, social networking sites and IM, but we should examine what data we put online. How much information do you give away on your Facebook profile for example? How secure are your passwords? In the end, it will be difficult for any level of international co-operation to succeed in tackling cyber-crime if we as individuals do not exercise caution ourselves.

The October threat stats can be viewed in full on the Network Box website.

‘Forgotten Security’: Change Control

Tuesday, October 20th, 2009

We’ve just published the third guide in our ‘Forgotten Security’ series. The new guide, which is available free from the Network Box website, centres around the topic of change control.

In short, change control is about ensuring that any changes made to the company network are done in an accountable, traceable and fixable manner. For all changes made there has to be a way to roll back the amendment, a way to analyse the steps taken in making the change, and the ability to see who made the original change request.

Many businesses allow any member of the IT department to make changes to internal systems as they see fit, and while the changes may be urgently needed, they are often carried out as quickly as possible, with little thought for what might happen in the worst case scenario.

Whilst the pressures that all businesses face these days over time and resources may discourage managers from implementing a change control procedure, having an established change control process can mitigate the risk that changes can represent to the company network.

In the guide, we provide ten steps to managing the change control process. We recommend that companies:

1. Restrict the number of staff members permitted to make changes.
2. Establish and follow change criteria.
3. Evaluate the risk of making the change.
4. Have records of who requested the change.
5. Test the impact of the change on security.
6. Plan the change so that teams impacted will know when the change is scheduled to happen, and what the impact will be on their work.
7. Build and test the change.
8. Build in the ability to roll-back the change.
9. Keep users aware of when the changes are due to be made.
10. Review the change. Was it worth making and what do the users think?

Of course, external threats such as viruses will be at the forefront of most people’s minds when talking about protecting the network, but we should not forget the potential of a simple mistake to cause disruption, cost money and leave the network vulnerable to attacks. The ultimate aim of implementing a change control process is to help minimise the likelihood of this occurring.

The rise of scareware

Monday, October 19th, 2009

For some time, cyber-criminals have been writing and distributing scareware as part of their arsenal in the battle to take control of our computers. Put simply, scareware programs are designed to frighten people into running malicious software by popping up when the user is online and declaring that viruses/Trojans have been detected and that all the user has to do is run the program they provide to clear up the ‘infected’ system.

Anti-virus provider Symantec have recently released a report which indicates that this practice isn’t going away. I am always a bit sceptical about how much criminals really earn carrying out virus writing scams. I suspect the majority could be described as ‘failing businesses’, with a smaller number actually making some money and then selling their technology to those new to the scam. As users, this doesn’t help us. There is still a lot of scareware out there, and many people still falling for it (forty-three million in the last year, according to Symantec).

So, why are so many of us still falling for this con trick if it’s been around for so long? Why is it that people will just download from a site they have never heard of, a site which doesn’t appear to specialise in anti-malware, rather than use reputable anti-malware solutions?

One theory is that users are relaxed, at home and feeling secure. Hence their defences are down, and they will believe anything.
Lack of awareness could also be an issue. This is difficult for me to believe as all I seem to read about are scams and malware, but then again that is what I do so perhaps it is not surprising.

Another thought is that the message is almost too strong. That people are aware of malware, and know that they need protection, so when they get told that they are infected they believe it, and want a quick, easy solution which the pop-up box is presenting to them.
Perhaps the initial panic that the user experiences when informed about the ‘infection’ kicks in and drives them to download the first ‘remedy’ available. Maybe they’re just clicking anything to get rid of the error message.

Logically, users that have a fully updated security suite installed on their system shouldn’t experience the same kind of panic and feeling of vulnerability that would prompt them to click this message. However, what about those users who don’t have a security solution installed? For home users, security suites can be purchased for as little as £20 these days. That’s not to mention the legitimate free anti-virus providers that home users can install.

The fact is, people are clicking on these messages and getting infected, which is a problem for all of us. Perhaps, rather than individual campaigns targeted at certain issues of the moment, the industry as a whole needs to co-operate on a national awareness campaign, highlighting the risks and providing guidelines to the user on how to mitigate them.

EU gets tough on spammers

Wednesday, October 14th, 2009

A recent study funded by the EU has highlighted major differences in the spam enforcement policies of 22 member states. According to the report, which is published on Thursday, there is a wide variation across the EU of the numbers of prosecutions and the level of fines issued.

The report reveals the urgent need for an international, collaborative approach in the fight against malware. Whilst some of our European neighbours have stringent anti-spam legislation, the UK’s policies have been diminished due to pressure from business interests such as the direct marketing industry.

In fact, the UK doesn’t even feature in the EU spam prosecution figures, because there haven’t been any cases taken to court (although those responsible have been prosecuted under other laws such as fraud). This does not mean that laws are not in place. Spammers can be fined up to £5,000 under the Data Protection Act, but to date, not a single fine has been levied.

The report concludes that there are many methods of combating spam and malware in the UK and that these methods are well publicised. However, the fight against spam is currently tackled on an individual basis. The large array of programs available to internet users and the differing degree to which those users are aware of spam, malware and phishing scams have the potential to leave computers vulnerable to attack. In short, there needs to be not only an international level of co-operation, but a clear, unified and enforced domestic policy in place in order to stand a chance of winning the fight against malware. Without this, our defences are only as strong as the weakest link in the chain.

October’s Microsoft Vulnerability Update

Wednesday, October 14th, 2009

As a partner in Microsoft’s MAPP program, Network Box is provided with vulnerability information in advance of Microsoft’s monthly security update. As a managed security provider, Network Box is able to use this information to offer protection to customers efficiently and effectively.

Last week, Microsoft took the unusual step of publicly pre-announcing that they will be releasing 13 bulletins this week. Eight of the bulletins are rated critical, with the other five rated important. In total, 34 vulnerabilities will be announced, with most requiring a restart.

By receiving vulnerability information earlier, Network Box customers benefit from additional possible improvements that provide security protection, such as Active Intrusion Detection and Prevention, as part of the Network Box managed UTM+ services.

Network Box will release a report detailing each vulnerability, the active protection that we have released, and our recommendations regarding each vulnerability. The latest reports can be found on the Network Box MAPP support page, where you can find a useful summary of the Microsoft announcements.

Let’s see more arrests

Friday, October 9th, 2009

The recent arrests made in the US and Egypt of people accused of using phishing attacks to steal personal data are excellent news. As we recently noted in our monthly stats, the threat of phishing attacks remains high and the nations that these attacks are launched from are diverse, making international co-operation incredibly important in the fight to reduce these attacks and bring the perpetrators to justice.

But we should not lose sight of the personal responsibility that we all have regarding our own web security. Whether we’re using email or social media sites such as Twitter, we should all continue to exercise caution regarding the personal information we give out, the friend requests we accept, and the links that we click on.

There are several free guides detailing secure use of social media on the Network Box site.

Securing the cloud

Wednesday, October 7th, 2009

We are now providing a cloud security solution for all Network Box UK customers as part of our unified threat management service. The new service offers customers a choice of filtering, archiving and encrypting web and email content either through the customer’s on-site equipment or in the cloud.

The cloud security solution is recommended for customers who:

•    Have a high number of home or roaming users
•    Require off-site, backed up email archiving
•    Want to send encrypted emails to third parties, but don’t have email encryption set up on their servers
•    Need to manage large amounts of spam
•    Want to ensure that they have access to email even if the worst happens and the office or email server becomes inaccessible

The new system is based on Webroot’s Web Security Software as we have found that it offers the highest service levels around – a vital requirement when implementing a cloud solution such as this. Cloud security is by no means a universal requirement, but for businesses that use cloud technology it provides both added security and the reassurance that they need.

Time to change your Hotmail password

Tuesday, October 6th, 2009

Recently, Microsoft has confirmed that in excess of 10,000 Hotmail passwords have been stolen and posted online.

As we highlighted in our September stats, phishing attacks are still very popular with criminals, and the general public need to be on their guard at all times against the increasingly sophisticated ploys that are being used by phishers.  As the full extent of the Hotmail breach is still unknown, all Hotmail account holders should take action to protect themselves and their data as soon as possible.

We would strongly recommend that Hotmail users change their passwords, secret questions and answers immediately. Given that at least 60 per cent of people reuse their passwords, we would also urge customers to change other accounts where they use the same password, as phishers now know that they can get access to more than one account by stealing a password.

This is a perfect opportunity for people with multiple online accounts to review the strength and security of their passwords. As we have previously mentioned in our Authentication guide, the use of strong, complex and secure passwords is becoming vital, especially given the amount of personal and financial data we now store online.

Update: Latest reports state that Hotmail is not the only email service provider to fall victim to this attack. Therefore we recommend that you change your password and secret question for any online email accounts that you have.

Microsoft’s security stop-gap

Thursday, October 1st, 2009

Whilst the recent news that Microsoft has released a free computer security package to the public is reassuring, it does not detract from the fact that the world’s most popular operating system still has serious security flaws.

Windows operating systems have approximately 90 per cent of the overall market share. That’s a lot of computers, and a massive target for hackers, phishers and fraudsters to aim for. Of course, all operating systems have their security flaws, and Microsoft has provided a lead for all manufacturers by regularly releasing patches, updates and bulletins to help their users stay safe online. Therefore the release of Microsoft Security Essentials is just another way to prevent their customer base from being exploited due to the system’s vulnerabilities.

Whilst Microsoft Security Essentials (MSE) will greatly help legitimate users, it can only be run with a genuine copy of Windows. That leaves everybody still vulnerable to spam and phishing from infected PCs running pirated copies, which is going to be a large number. If it had been made available to everyone, this might have made serious inroads into the social problem that is malware, but it is understandable that no company is going to legitimise users who steal their software.

This is a step in the right direction for Microsoft. There will be a significant number of systems cleaned up as a result of this release, but will it be as significant as the release of the Windows firewall a few years back that helped clean up the multiplicity of worms that were present then? Whilst MSE does provide protection against spyware, Trojans and viruses, it is not a fully featured application, as some of the third party alternatives are: it lacks a firewall (which arguably is already present on recent Windows platforms), phishing protection and intrusion prevention. However, in the end what users really need is a safe and secure system that they can use responsibly without fear of being exploited online. That may be some time coming!

Keeping schools secure online

Thursday, October 1st, 2009

Schools and colleges have very specific security requirements. Students access social networks, research their homework and even submit their coursework online. For this reason, we have found that schools benefit from a more flexible approach to online security.

Our latest guide, Securing Schools from Social Media Threats, details the threats that schools face. A lot of the risk stems from students’ desire to be social and to contribute to their online communities by uploading or downloading content and sharing links, which can impact bandwidth, put the students themselves at risk through sharing personal data, and put the school’s computer network at risk by exposing it to malware. Schools also need to ensure that all computers have the latest security updates and system patches installed, and roll out updates to all computers, rather than update individually.

In the guide, we recommend that schools create clear guidelines on internet usage and educate pupils about the importance of security. After all, children need to learn how to be safe online and schools are in the best position to guide them. We have previously published six free guides to secure social media usage, all of which can be downloaded from the Network Box site.

If you would like to read our guide in full, it can be downloaded for free from our website.